Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

We have a new log in experience integrated with Azure AD, and we strongly recommend you log in with your Azure AD (Office 365) account. If your UserVoice account is the same email address as your Azure AD account, your previous activities will be automatically mapped to your Azure AD account. You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

  1. Please avail the user/group 'description' attribute in Azure.

    We utilise the 'description' attribute extensively for university relationship AuthZ. As we have over 360,000 identities, using groups can't be used with AAD Connect/Azure due to the 50,000 member limit.

    We are interested in moving our SAML apps from ADFS to Azure (over 100) as well as connecting some on-premises apps to Azure with Application Proxy; however, as we use 'description' to apply the necessary AuthZ, we consequently cannot move the apps.

    The 'description' attribute is sync'ed from on-premises, so I'm sure it would be a simple thing to enable it for consumption in Azure.

    Scott.

    15 votes
    2 comments  ·  Azure AD Connect
  2. Support for LDAP as source for sync to AAD via AAD Connect

    We are gradually and intentionally diminishing the role that our on premises AD DS plays. To support this and allow for additional hybrid identity capabilities without having to rely on MIM/FIM, we would like to leverage our on premises LDAP user profile store as the source for user profile info in AAD via AAD Connect.

    We have migrated 'cloud' authN to AAD via Azure PTA/sSSO and decommissioned ADFS and would like to continue to leverage AAD as the authoritative user profile store for all 'cloud' integrations in line with the on premises LDAP user profile store being authoritative for all…

    15 votes
    planned  ·  5 comments  ·  Azure AD Connect
  3. AAD Connect - Sync a single object

    AAD Connect - Allow sync of a selected object. This is useful in troubleshooting one object versus parsing through everything else.

    14 votes
    started  ·  2 comments  ·  Azure AD Connect
  4. Please add support for MFA to the ADSync module

    Please add support for MFA to the ADSync module.

    Accounts enabled with MFA cannot run basic administrative tasks like “Get-ADSyncExportDeletionThreshold”.

    14 votes
    2 comments  ·  Azure AD Connect
  5. AAD connect as a service

    I would love to see Microsoft offering AAD Connect as a Service. Either with an agent on a DC or member server much like the pass-through auth server works. But having the sync and metaverse running in a service in the cloud.

    14 votes
    started  ·  3 comments  ·  Azure AD Connect
  6. AAD Connect Cloud Provisioning: Add support for password writeback

    Currently Cloud Provisioning does not support password writeback, so using Azure AD SSPR with on-Prem synched passwords is not possible.

    Would be great to have that as one of the first enhancements of Cloud Provisioning

    13 votes
    under review  ·  3 comments  ·  Azure AD Connect
  7. sync hideDLMembership

    Please allow us to sync hideDLMembership with Exchange online

    13 votes
    0 comments  ·  Azure AD Connect
  8. ADSync Cmdlets Fail with Remote PowerShell

    The ADSync cmdlets do not work with remote PowerShell. A command such as Get-ADSyncRunProfileResult works fine when executed on the computer with an interactive logon but fails when run using WinRM with Invoke-Command or Enter-PSSession.

    When called with Remote PowerShell the cmdlets fail when establishing a connection to net.pipe://localhost/ADSyncManagement.

    Since WMI was taken away, we really need a way to access the ADSync module without having to log on interactively.

    Here is the error:

    Invoke-Command -ComputerName myAADConnectServer -ScriptBlock {Get-ADSyncRunProfileResult}

    There was no endpoint listening at net.pipe://localhost/ADSyncManagement that could accept the message. This is often caused by an incorrect address or SOAP…

    12 votes
    2 comments  ·  Azure AD Connect
  9. 12 votes
    started  ·  3 comments  ·  Azure AD Connect
  10. Improve support in Azure AD Connect for GALSync contacts in the default rule set

    Currently there are several issues related to GALSync contacts in a multi-forest AD environment. I use a number of custom rules in Azure AD Connect to address these issues.

    The first issue is that the default rule set only has provisions for joining contacts to person objects in the metaverse. This means that in an environment with GALSync contacts for distribution groups both person and group objects are created in the metaverse with conflicting attributes.

    When creating custom rules to handle the first issue it is possible due to rule ordering that a GALSync contact for a user is used…

    11 votes
    1 comment  ·  Azure AD Connect
  11. Termination Sync from AD

    Currently it looks like we have a full sync every 3 hrs & password sync every 3 minutes. In the event of a terminated employee they would have 3 hrs access to OneDrive. Is there a way to sync terminated or disabled accounts to remove access?

    10 votes
    1 comment  ·  Azure AD Connect
  12. Sync Dynamic Security groups to On Prem AD

    I would like to see Azure AD Dynamic groups be synced to on Prem AD. Currently you can sync distribution groups but not security groups. I would love to be able to set up dynamic groups and have my on prem groups reflect changes to things like position changes while staying synced with their counterparts in the cloud.

    9 votes
    0 comments  ·  Azure AD Connect
  13. Use separate PTA agents for each AD forest

    We are just now making the switch from ADFS to use PTA.
    We are a large enterprise with some 25k users and 3 separate AD forests.

    One thing that would make my, and every network/firewall person's, life easier would be if we could have dedicated PTA agents for Forest A that take care of users with UPN suffixes belonging to Forest A, and separate dedicated agents for Forest B that take care of users with UPN suffixes belonging to that forest.

    In the current design any login ticket can end up on any PTA agent which means that every server…

    9 votes
    under review  ·  1 comment  ·  Azure AD Connect
  14. Allow people to connect to the AzureAD from an on-premise Linux box.

    There are plenty of tutorials how to connect a Linux VM to an Azure AD, however, I do not think there is currently a known way to connect an on-premise Linux box to an Azure AD. I believe it would be extremely nice for Microsoft to provide the software they provide for the Linux VMs for on premise Linux boxes. This would be especially useful for smaller companies, like ours, which is just starting out and we need to make every penny count.

    Thanks!

    9 votes
    need-feedback  ·  6 comments  ·  Azure AD Connect
  15. Skip Public Folder Objects in AAD Sync Requests vs Crashing Sync

    Summary:
    Sync jobs fail when a public folder is present

    Request:
    Change AAD Connect such that it skips over a public folder object, reports the skipped object in an event log, and keeps syncing

    8 votes
    under review  ·  2 comments  ·  Azure AD Connect
  16. Azure AD Cloud Provisioning: Add support for device sync

    Currently devices are not synchronized by Cloud Provisioning; not having that makes it unable to do Win10 hybrid device join as the computer needs to authenticate to AAD.

    From my point of view this is the Nr. 1 topic to implement.

    7 votes
    under review  ·  2 comments  ·  Azure AD Connect
  17. Sync onPrem AD OUs to AAD Administrative Units

    Managing membership of AAD administrative units for any large group with regular churn has a high amount of administrative overhead for keeping that membership up to date. With no dynamic membership for administrative units currently, users have to be added/removed manually via PowerShell. It would be convenient if Azure Active Directory Connect sync'd on-prem AD OUs and their membership --> populated AAD administrative units. As rights delegation often occurs at the OU level in on-prem AD similar to how administrative units function with delegated roles, the structure for scoping already exists for distinct user populations within the org.

    7 votes
    1 comment  ·  Azure AD Connect
  18. AADConnect Server Array

    If you start doing password sync and password self service reset, etc. it makes AADConnect a pretty critical service. It would be great if the AADConnect setup wizard and the service in general supported an array deployment such that it could assign primary and staging roles and be aware of other servers in the array. Having the ability to control failover to an array member... etc. Support for each server using SQL Express, individual SQL Server instances or a centralized SQL instance shared by the array. When you have a custom configuration, maintaining AADConnect instances can be a real painful…

    7 votes
    planned  ·  1 comment  ·  Azure AD Connect
  19. AADConnect Group Department and Company attribute sync

    For some reason Group objects don't include Department or Company attributes in their sync... even if you add them as custom attributes, they don't flow up to Exchange Online's directory. Both attributes are very handy when creating dynamic address lists.

    7 votes
    0 comments  ·  Azure AD Connect
  20. AADConnect - Generate Preview

    When viewing an object in AADConnect and generating a preview based on full or delta imports... it should actually go and perform the full or delta import of that specific object when you perform that action. If I'm troubleshooting an issue in a large directory environment, I don't want to have to wait 6 to 12 hours for a full import, full sync to run after making each change... It seems logical that I could update a directory object or an AADConnect rule and go preview the impact of those changes on a single object without having to import the…

    7 votes
    started  ·  1 comment  ·  Azure AD Connect